Quantifier elimination by dependency sequents

Formal Methods in System Design

Abstract

We consider the problem of existential quantifier elimination for Boolean CNF formulas. We present a new method for solving this problem called derivation of dependency-sequents (DDS). A dependency-sequent (D-sequent) is used to record that a set of variables is redundant under a partial assignment. We introduce the join operation that produces new D-sequents from existing ones. We show that DDS is compositional, i.e., if our input formula is a conjunction of independent formulas, DDS automatically recognizes and exploits this information. We introduce an algorithm based on DDS and present experimental results demonstrating its potential.

Notes

  1. In this paper, we consider D-sequents presented at FMCAD-12 [17] that state redundancy of quantified variables. At FMCAD-13 [19], we introduced D-sequents stating the redundancy of clauses containing quantified variables. Formally, D-sequents based on variable redundancy are just a special case of those based on clause redundancy. However, there is an important difference that justifies special attention to D-sequents based on variable redundancy. The set \(X\) of quantified variables in formula \(\exists {X} [F]\) remains the same while the set of clauses containing variables of \(X\) may grow exponentially in \(|X|\). If a QE-algorithm using D-sequents based on clause redundancy “gets lost”, it may generate a large number of irrelevant clauses whose redundancy it will have to prove. QE-algorithms based on variable redundancy do not have this problem.

  2. In [17], we used the notion of virtual redundancy to address the following problem. The fact that \(\exists {X} [F_{\varvec{s}}] \equiv \exists {X} [F_{\varvec{s}} \setminus (F_{\varvec{s}})^Z]\) does not imply that \(\exists {X} [F_{\varvec{q}}] \equiv \exists {X} [F_{\varvec{q}} \setminus (F_{\varvec{q}})^Z]\) where \(\varvec{s} \subset \varvec{q}\). That is, redundancy of variables \(Z\) in subspace \(\varvec{s}\) specified by Definition 6 does not imply such redundancy in subspace \(\varvec{q}\) contained in subspace \(\varvec{s}\). The notion of virtual redundancy solves this paradox by weakening Definition 6. Namely, variables of \(Z\) are redundant in \(\varvec{q}\) even if \(\exists {X} [F_{\varvec{q}}] \not \equiv \exists {X} [F_{\varvec{q}} \setminus (F_{\varvec{q}})^Z]\) but \(\exists {X} [F_{\varvec{s}}] \equiv \exists {X} [F_{\varvec{s}} \setminus (F_{\varvec{s}})^Z]\) for some \(\varvec{s}\) such that \(\varvec{s} \subset \varvec{q}\). In this paper, we solve the problem above by using scoped redundancy, i.e., by strengthening Definition 6. The trick is that we forbid assigning variables of scope \(W\). Then (see Lemma 2 of the appendix), redundancy of \(Z\) with scope \(W\) in subspace \(\varvec{s}\) where \(W \cap Vars (\varvec{s})=\emptyset \) implies redundancy of \(Z\) in any subspace \(\varvec{q}\) where \(\varvec{s} \subset \varvec{q}\) if \(W \cap Vars (\varvec{q}) = \emptyset \).

  3. The description of this case given in [17] says that if \(S_1\) is symmetric in \(v\) it remains in \(\varOmega \) untouched. This is an error because, as we mentioned above, the set of D-sequents produced for subspace \(\varvec{q}\) may turn out to be uncomposable.

References

  1. Abdulla P, Bjesse P, Eén N (2000) Symbolic reachability analysis based on SAT-solvers. In: Proceedings of the 6th international conference on tools and algorithms for construction and analysis of systems, TACAS’00, pp 411–425

  2. Ayari A, Basin D (2002) Qubos: deciding quantified boolean logic using propositional satisfiability solvers. In: Proceedings of 4th international conference on formal methods in computer-aided design, vol 2517 of LNCS, FMCAD’02, pp 187–201

  3. Biere A (2004) Resolve and expand. In: Proceedings of the seventh international conference on theory and applications of satisfiability testing, SAT’04, pp 59–70

  4. Biere A (2008) Picosat essentials. J Satisf Boolean Model Comput 4(2–4):75–97

  5. Bradley AR (2011) Sat-based model checking without unrolling. In: Proceedings of the 12th international conference on verification, model checking, and abstract interpretation, VMCAI’11, pp 70–87

  6. Brauer J, King A, Kriener J (2011) Existential quantification as incremental sat. In: Proceedings of the 23rd international conference on computer aided verification, CAV’11, Springer-Verlag, pp 191–207

  7. Bryant R (1986) Graph-based algorithms for Boolean function manipulation. IEEE Trans Comput C–35(8):677–691

  8. Chauhan P, Clarke E, Jha S, Kukula J, Veith H, Wang D (2001) Using combinatorial optimization methods for quantification scheduling. In: Proceedings of the 11th IFIP WG 10.5 advanced research working conference on correct hardware design and verification methods, CHARME ’01, pp 293–309

  9. Clarke E, Emerson A (1982) Design and synthesis of synchronization skeletons using branching-time temporal logic. In: Proceedings of logic of programs, Workshop, pp 52–71

  10. Clarke E, Grumberg O, Peled D (1999) Model checking. MIT Press, Cambridge

  11. Darwiche A (2001) Decomposable negation normal form. J ACM 48:608

  12. Davis M, Logemann G, Loveland D (1962) A machine program for theorem proving. Commun ACM 5(7):394–397

  13. Davis M, Putnam H (1960) A computing procedure for quantification theory. J ACM 7(3):201–215

  14. Ganai M, Gupta A, Ashar P (2004) Efficient sat-based unbounded symbolic model checking using circuit cofactoring. In: Proceedings of the 2004 IEEE/ACM international conference on computer-aided design, ICCAD’04, pp 510–517

  15. Goldberg E (2009) Boundary points and resolution. In: Proceedings of theory and applications of satisfiability testing, 12th international conference, SAT’09, pp 147–160

  16. Goldberg E, Manolios P (2011) Sat-solving based on boundary point elimination. In: Proceedings of 6th international Haifa Verification Conference, pp 93–111

  17. Goldberg E, Manolios P (2012) Quantifier elimination by dependency sequents. In: Proceedings of formal methods in computer-aided design, FMCAD’12, pp 34–44

  18. Goldberg E, Manolios P (2012) Removal of quantifiers by elimination of boundary points. Technical Report. arXiv:1204.1746v2 [cs.LO], Northeastern University

  19. Goldberg E, Manolios P (2013) Quantifier elimination via clause redundancy. In: Proceedings of formal methods in computer-aided design, FMCAD’13, pp 85–92

  20. Jiang R (2009) Quantifier elimination via functional composition. In: Proceedings of the 21st international conference on computer aided verification, CAV’09, pp 383–397

  21. Jin H, Somenzi F (2005) Prime clauses for fast enumeration of satisfying assignments to boolean circuits. In: Proceedings of the 42nd annual design automation conference, DAC’05, pp 750–753

  22. Kullmann O (1999) New methods for 3-sat decision and worst-case analysis. Theor Comput Sci 223(1–2):1–72

  23. Marques-Silva J, Sakallah K (1996) Grasp: a new search algorithm for satisfiability. In: Proceedings of the 1996 IEEE/ACM international conference on computer-aided design, ICCAD’96, pp 220–227

  24. McMillan K (1993) Symbolic model checking. Kluwer Academic Publishers, Norwell

  25. McMillan K (2002) Applying sat methods in unbounded symbolic model checking. In: Proceedings of the 14th international conference on computer aided verification, CAV’02, pp 250–264

  26. McMillan K (2003) Interpolation and sat-based model checking. In: Proceedings of computer aided verification, 15th international conference, CAV’03, Springer, pp 1–13

  27. Moskewicz M, Madigan C, Zhao Y, Zhang L, Malik S (2001) Chaff: engineering an efficient sat solver. In: Proceedings of the 38th annual design automation conference, DAC’01, pp 530–535

  28. Plaisted D, Biere A, Zhu Y (2003) A satisfiability procedure for quantified Boolean formulae. Discret Appl Math 130(2):291–328

  29. Williams P, Biere A, Clarke E, Gupta A (2000) Combining decision diagrams and sat procedures for efficient symbolic model checking. In: Proceedings of the 12th international conference on computer aided verification, CAV’00, pp 124–138

  30. C2D. http://reasoning.cs.ucla.edu/c2d. Accessed 19 May 2013

  31. HWMCC-2010 benchmarks. http://www.fmv.jku.at/hwmcc10/benchmarks.html. Accessed 3 April 2013

  32. http://www.fmgroup.polito.it/index.php/download/. Accessed 5 May 2013

Acknowledgments

This research was supported in part by DARPA under AFRL Cooperative Agreement No. FA8750-10-2-0233 and by NSF Grants CCF-1117184 and CCF-1319580.

Author information

Corresponding author

Correspondence to Eugene Goldberg.

Appendix

The appendix contains proofs of the propositions listed in the paper. We also give proofs of lemmas used in the proofs of propositions.

Propositions of Sect. 2: redundant variables, boundary points and quantifier elimination

Proposition 1

A \(Z\)-boundary point \(\varvec{p}\) of \(F\) is removable in \(\exists {X} [F]\), iff one cannot turn \(\varvec{p}\) into an assignment satisfying \(F\) by changing only the values of variables of \(X\).

Proof

If part. Assume the contrary, that is \(\varvec{p}\) is not removable while no satisfying assignment can be obtained from \(\varvec{p}\) by changing only assignments to variables of \(X\). Let \(Y = Vars (F) \setminus X\) and \(C\) be a clause consisting only of variables of \(Y\) and falsified by \(\varvec{p}\). Since \(\varvec{p}\) is not removable, clause \(C\) is not implied by \(F\). This means that there is an assignment \(\varvec{s}\) that falsifies \(C\) and satisfies \(F\). By construction, \(\varvec{s}\) and \(\varvec{p}\) have identical assignments to variables of \(Y\). Thus, \(\varvec{s}\) can be obtained from \(\varvec{p}\) by changing only values of variables of \(X\) and we have a contradiction.

Only if part. Assume the contrary, that is \(\varvec{p}\) is removable but one can obtain an assignment \(\varvec{s}\) satisfying \(F\) from \(\varvec{p}\) by changing only values of variables of \(X\). Since \(\varvec{p}\) is removable, there is a clause \(C\) that is implied by \(F\) and falsified by \(\varvec{p}\) and that depends only on variables of \(Y\). Since \(\varvec{s}\) and \(\varvec{p}\) have identical assignments to variables of \(Y\), point \(\varvec{s}\) falsifies \(C\). However, since \(\varvec{s}\) satisfies \(F\), this means that \(C\) is not implied by \(F\) and we have a contradiction. \(\square \)

Proposition 2

The variables of \(Z \subseteq X\) are not redundant in \(\exists {X} [F]\) iff there is an \(X\)-removable \(W\)-boundary point of \(F\), \(W \subseteq Z\).

Proof

Let \(H\) denote \(F \setminus F^ Z \) and \(Y\) denote \( Vars (F) \setminus X\). Given a point \(\varvec{p}\), let (\(\varvec{x}\),\(\varvec{y}\)) specify the assignments of \(\varvec{p}\) to the variables of \(X\) and \(Y\) respectively.

If part. Assume the contrary, i.e., there is an \(X\)-removable \(W\)-boundary point \(\varvec{p}\)=(\(\varvec{x}\),\(\varvec{y}\)) of \(F\) where \(W \subseteq Z\) but the variables of \(Z\) are redundant and hence \(\exists {X} [F] \equiv \exists {X} [H]\). Since \(\varvec{p}\) is a boundary point, \(F(\varvec{p}) = 0\). Since \(\varvec{p}\) is removable, \((\exists {X} [F])_{\varvec{y}} = 0\). On the other hand, since \(\varvec{p}\) falsifies only \(W\)-clauses of \(F\) it satisfies \(H\). Hence \((\exists {X} [H])_{\varvec{y}} = 1\) and \((\exists {X} [F])_{\varvec{y}} \ne (\exists {X} [H])_{\varvec{y}}\), which leads to a contradiction.

Only if part. Assume the contrary, i.e., the variables of \(Z\) are not redundant (and hence \(\exists {X} [F] \not \equiv \exists {X} [H]\)) and there does not exist an \(X\)-removable \(W\)-boundary point of \(F\), \(W \subseteq Z\). Let \(\varvec{y}\) be an assignment to \(Y\) such that \((\exists {X} [F])_{\varvec{y}} \ne (\exists {X} [H])_{\varvec{y}}\). One has to consider the following two cases.

  • \((\exists {X} [F])_{\varvec{y}}=1\) and \((\exists {X} [H])_{\varvec{y}}=0\). Then there exists an assignment \(\varvec{x}\) to \(X\) such that (\(\varvec{x}\),\(\varvec{y}\)) satisfies \(F\). Since every clause of \(H\) is in \(F\), formula \(H\) is also satisfied by \(\varvec{p}\). So we have a contradiction.

  • \((\exists {X} [F])_{\varvec{y}}=0\) and \((\exists {X} [H])_{\varvec{y}}=1\). Then there exists an assignment \(\varvec{x}\) to variables of \(X\) such that (\(\varvec{x}\),\(\varvec{y}\)) satisfies \(H\). Since \(F_{\varvec{y}} \equiv 0\), point (\(\varvec{x}\),\(\varvec{y}\)) falsifies \(F\). Since \(H(\varvec{p})=1\) and every clause of \(F\) that is not in \(H\) is a \(Z\)-clause, (\(\varvec{x}\),\(\varvec{y}\)) is a \(W\)-boundary point of \(F\) where \(W \subseteq Z\). Since \(F_{\varvec{y}} \equiv 0\), (\(\varvec{x}\),\(\varvec{y}\)) is an \(X\)-removable \(W\)-boundary point of \(F\), which leads to a contradiction. \(\square \)
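An exhaustive check of Propositions 1 and 2 on small formulas, given as an added example that is not part of the paper. It assumes clauses are tuples of DIMACS-style integer literals, that \(F^Z\) is the set of clauses of \(F\) containing a variable of \(Z\), and that a point is a \(W\)-boundary point for some \(W \subseteq Z\) exactly when it falsifies \(F\) and every falsified clause contains a variable of \(Z\) (Definition 8 is not reproduced on this page); all function and constant names are hypothetical.

```python
from itertools import combinations, product

# A clause is a tuple of non-zero ints: 3 means variable 3, -3 its negation.
# A point is a dict mapping every variable of F to True/False.

def variables(cnf):
    return sorted({abs(lit) for clause in cnf for lit in clause})

def points(vs):
    """All complete assignments to the variables vs."""
    for bits in product([False, True], repeat=len(vs)):
        yield dict(zip(vs, bits))

def falsified(cnf, p):
    """Clauses of cnf falsified by point p (an empty clause is always falsified)."""
    return [c for c in cnf if not any(p[abs(lit)] == (lit > 0) for lit in c)]

def exists_x(cnf, X, all_vars):
    """EXISTS X [cnf] as the set of assignments to Y = all_vars minus X it accepts."""
    Y = [v for v in all_vars if v not in X]
    return {tuple(p[v] for v in Y) for p in points(all_vars) if not falsified(cnf, p)}

def redundant(F, X, Z):
    """Assumed definition: Z is redundant iff EXISTS X [F] == EXISTS X [F minus F^Z]."""
    H = [c for c in F if not any(abs(lit) in Z for lit in c)]
    vs = variables(F)
    return exists_x(F, X, vs) == exists_x(H, X, vs)

def x_removable(F, X, p):
    """Proposition 1: p is removable iff no reassignment of X turns p into a model of F."""
    Xs = sorted(X)
    for bits in product([False, True], repeat=len(Xs)):
        s = dict(p)
        s.update(zip(Xs, bits))
        if not falsified(F, s):
            return False
    return True

def removable_boundary_points(F, X, Z):
    """Points that are X-removable W-boundary points of F for some W inside Z."""
    found = []
    for p in points(variables(F)):
        bad = falsified(F, p)
        only_z_clauses = all(any(abs(lit) in Z for lit in c) for c in bad)
        if bad and only_z_clauses and x_removable(F, X, p):
            found.append(p)
    return found

def prop2_holds(F, X):
    """Proposition 2 for every non-empty Z inside X: Z is not redundant
    iff an X-removable W-boundary point with W inside Z exists."""
    Xs = sorted(X)
    for k in range(1, len(Xs) + 1):
        for Z in map(set, combinations(Xs, k)):
            if redundant(F, X, Z) == bool(removable_boundary_points(F, X, Z)):
                return False
    return True

# Constructed sample: x1 is quantified, variables 2 and 3 are free.
X_SMALL = {1}
F_SMALL = [(1, 2), (-1, 3)]               # (x1 | y2) & (~x1 | y3)
F_WITH_RESOLVENT = F_SMALL + [(2, 3)]     # resolvent on x1 added

# Constructed sample with two quantified variables (1, 2) and two free ones (3, 4).
X_LARGER = {1, 2}
F_LARGER = [(1, 3), (-1, 2), (-2, 4), (1, -2, -4)]

if __name__ == "__main__":
    for name, F in (("F", F_SMALL), ("F + resolvent", F_WITH_RESOLVENT)):
        pts = removable_boundary_points(F, X_SMALL, {1})
        print(name, "x1 redundant:", redundant(F, X_SMALL, {1}),
              "removable boundary points:", len(pts))
    print("Proposition 2 on larger sample:", prop2_holds(F_LARGER, X_LARGER))
```

Adding the resolvent \((y_2 \vee y_3)\) is what removes both boundary points: they now falsify a clause without a variable of \(Z\), so \(x_1\) becomes redundant and its clauses can be dropped.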

Propositions of Sect. 3: boundary points and divide-and-conquer strategy

Proposition 3

Let \(\exists {X} [F]\) be an \(\exists \mathrm {CNF}\) formula and \(\varvec{q}\) be an assignment to \( Vars (F)\). Let \(\varvec{p}\) be a \(Z\)-boundary point of \(F\) where \(\varvec{q} \subseteq \varvec{p}\) and \(Z \subseteq X\). Then, if \(\varvec{p}\) is removable in \(\exists {X} [F]\) it is also removable in \(\exists {X} [F_{\varvec{q}}]\).

Proof

Let \(Y\) denote \( Vars (F) \setminus X\). Assume the contrary. That is \(\varvec{p}\) is removable in \(\exists {X} [F]\) but is not removable in \(\exists {X} [F_{\varvec{q}}]\). The fact that \(\varvec{p}\) is removable in \(\exists {X} [F]\) means that there is a clause \(C\) implied by \(F\) and falsified by \(\varvec{p}\) that consists only of variables of \(Y\). Since \(\varvec{p}\) is not removable in \(\exists {X} [F_{\varvec{q}}]\), from Proposition 1 it follows that an assignment \(\varvec{s}\) satisfying \(F_{\varvec{q}}\) can be obtained from \(\varvec{p}\) by changing only values of variables of \(X \setminus Vars (\varvec{q})\). By construction, \(\varvec{p}\) and \(\varvec{s}\) have identical assignments to variables of \(Y\). So \(\varvec{s}\) has to falsify \(C\). On the other hand, by construction, \(\varvec{q} \subseteq \varvec{s}\). So, the fact that \(\varvec{s}\) satisfies \(F_{\varvec{q}}\) implies that \(\varvec{s}\) satisfies \(F\) too. Since \(\varvec{s}\) falsifies \(C\) and satisfies \(F\), \(C\) is not implied by \(F\) and we have a contradiction. \(\square \)

Proposition 4

Let \(\exists {X} [F]\) be a CNF formula and \(\varvec{q}\) be an assignment to variables of \(F\). Let the variables of \(Z\) be redundant in \(\exists {X} [F_{\varvec{q}}]\) with scope \(W\) where \(Z \subseteq (X \setminus Vars (\varvec{q}))\). Let a variable \(v\) of \(X \setminus ( Vars (\varvec{q}) \cup Z)\) be locally redundant in \(\exists {X} [F_{\varvec{q}} \setminus (F_{\varvec{q}})^Z]\). Then the variables of \(Z \cup \{v\}\) are redundant in \(\exists {X} [F_{\varvec{q}}]\) with scope \(W \cup \{v\}\).

Proof

Assume the contrary, that is the variables of \(Z \cup \{v\}\) are not redundant with scope \(W \cup \{v\}\). Then from Definition 10 it follows that \(F_{\varvec{q}}\) has a \(Z'\)-boundary point \(\varvec{p}\) where \(Z' \subseteq Z \cup \{v\}\), \(\varvec{q} \subseteq \varvec{p}\) that is \((W \cup \{v\})\)-removable in \(F_{\varvec{q}}\). Let us consider the two possible cases:

  • \(v \not \in Z'\) (and so \(Z' \subseteq Z\)). Since \(\varvec{p}\) is \((W \cup \{v\})\)-removable in \(F_{\varvec{q}}\), it is also \(W\)-removable in \(F_{\varvec{q}}\). Hence, the variables of \(Z\) are not redundant in \(\exists {X} [F_{\varvec{q}}]\) with scope \(W\) and we have a contradiction.

  • \(v \in Z'\) (and so \(Z' \not \subseteq Z\)). Then \(\varvec{p}\) is a \(\{v\}\)-boundary point of \(F_{\varvec{q}} \setminus (F_{\varvec{q}})^Z\). Indeed, there has to be a clause \(C\) of \(F_{\varvec{q}}\) falsified by \(\varvec{p}\) that contains variable \(v\). Otherwise, condition d) of the definition of a boundary point is broken because \(v\) can be removed from \(Z'\) (see Definition 8). Let \(P\) denote the set of all points obtained from \(\varvec{p}\) by flipping values of variables of \(W \cup \{v\}\). Let us consider the following two possibilities.

    • Every point of \(P\) falsifies \(F_{\varvec{q}} \setminus (F_{\varvec{q}})^Z\). This means that \(\varvec{p}\) is a \(\{v\}\)-removable \(\{v\}\)-boundary point of \(F_{\varvec{q}} \setminus (F_{\varvec{q}})^Z\). So \(v\) is not locally redundant in \(\exists {X} [F_{\varvec{q}} \setminus (F_{\varvec{q}})^Z]\) and we have a contradiction.

    • A point \(\varvec{d}\) of \(P\) satisfies \(F_{\varvec{q}} \setminus (F_{\varvec{q}})^Z\). Let us consider the following two cases.

      • \(\varvec{d}\) satisfies \(F_{\varvec{q}}\). This contradicts the fact that \(\varvec{p}\) is a \((W \cup \{v\})\)-removable \(Z'\)-boundary point of \(F_{\varvec{q}}\). (By flipping variables of \(W \cup \{v\}\) one can obtain a point satisfying \(F_{\varvec{q}}\).)

      • \(\varvec{d}\) falsifies some clauses of \(F_{\varvec{q}}\). Since \(F_{\varvec{q}}\) and \(F_{\varvec{q}} \setminus (F_{\varvec{q}})^Z\) are different only in \(Z\)-clauses, \(\varvec{d}\) is a \(Z''\)-boundary point of \(F_{\varvec{q}}\) where \(Z'' \subseteq Z\). By construction, \(\varvec{p}\) and \(\varvec{d}\) are different only in values of variables from \(W \cup \{v\}\). So, the fact that \(\varvec{p}\) is a \((W \cup \{v\})\)-removable \(Z'\)-boundary point of \(F_{\varvec{q}}\) implies that \(\varvec{d}\) is a \(W\)-removable \(Z''\)-boundary point of \(F_{\varvec{q}}\). So the variables of \(Z\) are not redundant in \(F_{\varvec{q}}\) with scope \(W\), which leads to a contradiction. \(\square \)

Propositions of Sect. 4: two simple cases of local variable redundancy

Lemma 1

Let \(\varvec{p}\) be a \(\{v\}\)-boundary point of CNF formula \(G(Z)\) where \(v \in Z\). Let \(\varvec{p'}\) be obtained from \(\varvec{p}\) by flipping the value of \(v\). Then \(\varvec{p'}\) either satisfies \(G\) or it is also a \(\{v\}\)-boundary point of \(G\).

Proof

Assume the contrary, i.e., \(\varvec{p'}\) falsifies a clause \(C\) of \(G\) that does not have a literal of \(v\). (That is \(\varvec{p'}\) is neither a satisfying assignment nor a \(\{v\}\)-boundary point of \(G\).) Since \(\varvec{p}\) is different from \(\varvec{p'}\) only in the value of \(v\), it also falsifies \(C\). Then \(\varvec{p}\) is not a \(\{v\}\)-boundary point of \(G\) and we have a contradiction. \(\square \)

Proposition 5

Let \(\exists {X} [F]\) be an \(\exists \mathrm {CNF}\) formula and \(\varvec{q}\) be an assignment to \( Vars (F)\). Let a variable \(v\) of \(X \setminus Vars (\varvec{q})\) be blocked in \(F_{\varvec{q}}\). Then \(v\) is locally redundant in \(\exists {X} [F_{\varvec{q}}]\).

Proof

Assume the contrary i.e. \(v\) is not locally redundant in \(\exists {X} [F_{\varvec{q}}]\). Then there is a \(v\)-removable \(\{v\}\)-boundary point \(\varvec{p}\) of \(F_{\varvec{q}}\). Note that the clauses of \(F_{\varvec{q}}\) falsified by \(\varvec{p}\) have the same literal \(l(v)\) of variable \(v\). Let \(\varvec{p'}\) be the point obtained from \(\varvec{p}\) by flipping the value of \(v\). According to Lemma 1, one needs to consider only the following two cases.

  • \(\varvec{p'}\) satisfies \(F_{\varvec{q}}\). Since \(\varvec{p'}\) is obtained from \(\varvec{p}\) by changing only the value of \(v\), \(\varvec{p}\) is not \(\{v\}\)-removable in \(F_{\varvec{q}}\). So we have a contradiction.

  • \(\varvec{p'}\) falsifies only the clauses of \(F_{\varvec{q}}\) with literal \(\overline{l(v)}\). (Point \(\varvec{p'}\) cannot falsify a clause with literal \(l(v)\).) Then there is a pair of clauses \(C\) and \(C'\) of \(F_{\varvec{q}}\) falsified by \(\varvec{p}\) and \(\varvec{p'}\) respectively that have opposite literals of variable \(v\). Hence \(v\) is not a blocked variable of \(F_{\varvec{q}}\) and we have a contradiction. \(\square \)

Proposition 6

Let \(\exists {X} [F]\) be an \(\exists \mathrm {CNF}\) formula and \(\varvec{q}\) be an assignment to \( Vars (F)\). Let \(F_{\varvec{q}}\) have an empty clause. Then the variables of \(X \setminus Vars (\varvec{q})\) are locally redundant in \(\exists {X} [F_{\varvec{q}}]\).

Proof

Let \(X'=X \setminus Vars (\varvec{q})\). Assume the contrary i.e. the variables of \(X'\) are not locally redundant in \(\exists {X} [F_{\varvec{q}}]\). Then there is an \(X'\)-removable \(Z\)-boundary point where \(Z \subseteq X'\). However, the set of \(Z\)-boundary points of \(F_{\varvec{q}}\) is empty, which leads to a contradiction. Indeed, on the one hand, \(F_{\varvec{q}}\) contains an empty clause \(C\) that is falsified by any point. On the other hand, according to Definition 8, if \(\varvec{p}\) is a \(Z\)-boundary point, then \(Z\) is a non-empty set that has to contain at least one variable of every clause falsified by \(\varvec{p}\), in particular, a variable of clause \(C\). \(\square \)

Propositions of Sect. 5: dependency sequents (D-sequents)

Proposition 7

Let \(\exists {X} [F]\) be an \(\exists \mathrm {CNF}\) formula. Let \(H = F \wedge G\) where \(F\) implies \(G\). Let \(\varvec{q}\) be an assignment to \( Vars (F)\). Then if \((\exists {X} [F],\varvec{q},W)~\rightarrow Z\) holds, the D-sequent \((\exists {X} [H],\varvec{q},W)~\rightarrow Z\) does too.

Proof

Assume the contrary, i.e., \((\exists {X} [F],\varvec{q},W)~\rightarrow Z\) holds but \((\exists {X} [H],\varvec{q},W)~\rightarrow Z\) does not. According to Definition 13, this means that variables of \(Z\) are not redundant in \(\exists {X} [H_{\varvec{q}}]\) with scope \(W\). That is, there is a \(W\)-removable \(Z'\)-boundary point \(\varvec{p}\) of \(H_{\varvec{q}}\) where \(Z' \subseteq Z\). The fact that the variables of \(Z\) are redundant in \(\exists {X} [F_{\varvec{q}}]\) with scope \(W\) means that \(\varvec{p}\) is not a \(W\)-removable \(Z''\)-boundary point of \(F_{\varvec{q}}\) where \(Z'' \subseteq Z\). This can happen for the following three reasons.

  • \(\varvec{p}\) satisfies \(F_{\varvec{q}}\). Then it also satisfies \(H_{\varvec{q}}\) and hence cannot be a boundary point of \(H_{\varvec{q}}\). So we have a contradiction.

  • \(\varvec{p}\) is not a \(Z''\)-boundary point of \(F_{\varvec{q}}\) where \(Z'' \subseteq Z\). That is \(\varvec{p}\) falsifies a clause \(C\) of \(F_{\varvec{q}}\) that does not contain a variable of \(Z\). Since \(H_{\varvec{q}}\) also contains \(C\), point \(\varvec{p}\) cannot be a \(Z'\)-boundary point of \(H_{\varvec{q}}\) where \(Z' \subseteq Z\). So we have a contradiction again.

  • \(\varvec{p}\) is a \(Z''\)-boundary point of \(F_{\varvec{q}}\) where \(Z'' \subseteq Z\) but it is not \(W\)-removable in \(F_{\varvec{q}}\). This means that one can obtain a point \(\varvec{s}\) satisfying \(F_{\varvec{q}}\) by flipping values of variables of \(W\) in \(\varvec{p}\). Since \(\varvec{s}\) also satisfies \(H_{\varvec{q}}\), one has to conclude that \(\varvec{p}\) is not a \(W\)-removable point of \(H_{\varvec{q}}\). Thus we have a contradiction. \(\square \)

Proposition 8

Let D-sequent \((\exists {X} [F],\varvec{q},W)~\rightarrow Z\) hold. Let \(W'\) be a superset of \(W\) where \(W' \cap Vars (\varvec{q}) = \emptyset \). Then \((\exists {X} [F],\varvec{q},W')~\rightarrow Z\) holds as well.

Proof

Assume that \((\exists {X} [F],\varvec{q},W')~\rightarrow Z\) does not hold. Then there is a \(V\)-boundary point \(\varvec{p}\) of \(F_{\varvec{q}}\) where \(V \subseteq Z\) that is \(W'\)-removable in \(F_{\varvec{q}}\). Since \(W \subseteq W'\), point \(\varvec{p}\) is also \(W\)-removable. This means that \((\exists {X} [F],\varvec{q},W)~\rightarrow Z\) does not hold, which leads to a contradiction. \(\square \)

Proposition 9

Let \(\exists {X} [F]\) be an \(\exists \mathrm {CNF}\) formula. Let D-sequents \((\exists {X} [F],\varvec{q'},W')~\rightarrow Z\) and \((\exists {X} [F],\varvec{q''},W'')~\rightarrow Z\) hold and \(( Vars (\varvec{q'}) \cap W'')=( Vars (\varvec{q''}) \cap W')=\emptyset \). Let \(\varvec{q'}\), \(\varvec{q''}\) be resolvable on \(v \in Vars (F)\) and \(\varvec{q}\) be the resolvent of \(\varvec{q'}\) and \(\varvec{q''}\). Then, the D-sequent \((\exists {X} [F],\varvec{q},W' \cup W'')~\rightarrow Z\) holds too.

Proof

Assume the contrary, that is D-sequent \((\exists {X} [F],\varvec{q},W' \cup W'')~\rightarrow Z\) does not hold and so the variables of \(Z\) are not redundant in \(\exists {X} [F_{\varvec{q}}]\) with scope \(W' \cup W''\). Then there is a \(Z^*\)-boundary point \(\varvec{p}\) where \(Z^* \subseteq Z\) and \(\varvec{q} \subseteq \varvec{p}\) that is \((W' \cup W'')\)-removable in \(F_{\varvec{q}}\). By definition of \(\varvec{q}\), the fact that \(\varvec{q} \subseteq \varvec{p}\) implies that \(\varvec{q'} \subseteq \varvec{p}\) or \(\varvec{q''} \subseteq \varvec{p}\). Assume, for instance, that \(\varvec{q'} \subseteq \varvec{p}\). The fact that \(\varvec{p}\) is a \(Z^*\)-boundary point of \(F_{\varvec{q}}\) implies that \(\varvec{p}\) is also a \(Z^*\)-boundary point of \(F_{\varvec{q'}}\). Since \(\varvec{p}\) is \((W' \cup W'')\)-removable in \(F_{\varvec{q}}\) it is also \(W'\)-removable in \(F_{\varvec{q'}}\). So the variables of \(Z\) are not redundant in \(F_{\varvec{q'}}\) with scope \(W'\) and D-sequent \((\exists {X} [F],\varvec{q'},W')~\rightarrow Z\) does not hold. So we have a contradiction. \(\square \)

Lemma 2

Let D-sequent \((\exists {X} [F],\varvec{q},W)~\rightarrow Z\) hold and \(\varvec{r}\) be an assignment such that \(\varvec{q} \subseteq \varvec{r}\) and \( Vars (\varvec{r}) \cap W = \emptyset \). Then D-sequent \((\exists {X} [F],\varvec{r},W)~\rightarrow Z\) holds too.

Proof

Assume the contrary i.e. the variables of \(Z\) are not redundant in \(F_{\varvec{r}}\) with scope \(W\). Then there is a \(Z'\)-boundary point \(\varvec{p}\) where \(Z' \subseteq Z\) that is \(W\)-removable in \(F_{\varvec{r}}\). Note that \(\varvec{p}\) is also a \(Z'\)-boundary point of \(F_{\varvec{q}}\) and it is also \(W\)-removable in \(F_{\varvec{q}}\). This implies that the variables of \(Z\) are not redundant in \(F_{\varvec{q}}\) with scope \(W\). So we have a contradiction. \(\square \)

Proposition 10

Let \(\varvec{s}\) and \(\varvec{q}\) be assignments to variables of \(F\) where \(\varvec{s} \subseteq \varvec{q}\). Let D-sequents \((\exists {X} [F],\varvec{s},W)~\rightarrow Z\) and \((\exists {X} [F \setminus F^Z],\varvec{q},\{v\})~\rightarrow \) \(\{v\}\) hold where \( Vars (\varvec{q}) \cap Z = \emptyset \) and \( Vars (\varvec{q}) \cap W = \emptyset \). Then D-sequent \((\exists {X} [F],\varvec{q},W \cup \{v\})~\rightarrow Z \cup \{v\}\) holds.

Proof

From Lemma 2 it follows that \((\exists {X} [F],\varvec{q},W)~\rightarrow Z\) holds. Proposition 4 implies that the variables of \(Z \cup \{v\}\) are redundant in \(F_{\varvec{q}}\) with scope \(W \cup \{v\}\). Hence D-sequent \((\exists {X} [F],\varvec{q},W \cup \{v\})~\rightarrow Z \cup \{v\}\) holds. \(\square \)

Proposition of Sect. 7: description of \( DDS ~\)

In this section, we prove the correctness of \( DDS ~\) (Proposition 11). First we introduce a few new definitions and prove a few lemmas.

Definition 18

Let \(\exists {X} [F]\) be an \(\exists \mathrm {CNF}\) formula, \(\varvec{q}\) be an assignment to \( Vars (F)\) and \(Z \subseteq (X \setminus Vars (\varvec{q}))\). We will call \((\exists {X} [F],\varvec{q},W)~\rightarrow Z\) a single-variable D-sequent if \(|Z|\)=1.

Definition 19

D-sequents \((\exists {X} [F],\varvec{q'},W')~\rightarrow \) \(\{v'\}\) and \((\exists {X} [F],\varvec{q''},W'')~\rightarrow \) \(\{v''\}\) are called compatible if

  • \(\varvec{q'}\) and \(\varvec{q''}\) are compatible

  • \(( Vars (\varvec{q'}) \cup Vars (\varvec{q''})) \cap (W' \cup W'' \cup \{v'\} \cup \{v''\}) = \emptyset \)

Definition 20

Let \(\varOmega \)  be a set of single-variable D-sequents for an \(\exists \mathrm {CNF}\)  formula \(\exists {X} [F]\). We will say that \(\varOmega \) is a set of compatible D-sequents if every pair of D-sequents of \(\varOmega \) is compatible.

Definition 21

Let \(\varOmega \)  be a set of compatible D-sequents for an \(\exists \mathrm {CNF}\)  formula \(\exists {X} [F]\). Denote by \({{\varvec{a}}}^{\varvec{\varOmega }}\)  the assignment that is the union of all \(\varvec{s}\) occurring in D-sequents \((\exists {X} [F],\varvec{s},W)\) \(\rightarrow W\) of \(\varOmega \). We will call \({{\varvec{a}}}^{\varvec{\varOmega }}\) the axis of \(\varOmega \). Denote by \({\varvec{W}}^{\varvec{\varOmega }}\) the union of the scopes \(W\) of the D-sequents of \(\varOmega \).

Definition 22

Let \(\varOmega \)  be a set of compatible D-sequents for an \(\exists \mathrm {CNF}\)  formula \(\exists {X} [F]\). Denote by \(\varvec{X^{\varOmega }}\) the set of all variables of \(X\) whose redundancy is stated by D-sequents of \(\varOmega \). In the following write-up we assume that \(|\varvec{X^{\varOmega }}| = |\varvec{\varOmega }|\). That is for every variable \(v\) of \(X^{\varOmega }\), set \(\varOmega \)  contains exactly one D-sequent stating the redundancy of \(v\).

Definition 23

Let \(\varOmega \)  be a set of compatible D-sequents for an \(\exists \mathrm {CNF}\)  formula \(\exists {X} [F]\). We will call D-sequent \((\exists {X} [F],\varvec{{{\varvec{a}}}^{\varvec{\varOmega }}},W^{\varOmega })~\rightarrow X^{\varOmega }\) the composite D-sequent for \(\varOmega \). We will call set \(\varOmega \) composable if the composite D-sequent of \(\varOmega \) holds for \(\exists {X} [F]\).

Lemma 3

Let \(v\) be the branching variable picked by \( DDS \) after making assignment \(\varvec{q}\). Assume for the sake of clarity that \(v=0\) and \(v=1\) are assignments of left and right branches respectively. Denote by \(\varOmega _0\) and \(\varOmega _1\) the sets of D-sequents derived in branches \(v=0\) and \(v=1\) respectively. Denote by \(\varOmega \) the set of D-sequents produced by procedure join_D_seqs of Fig. 5. Let \(\varPsi \), \(\varPsi _0\), \(\varPsi _1\) be subsets of \(\varOmega ,\varOmega _0,\varOmega _1\) and \(X^{\varPsi }\)=\(X^{\varPsi _0}\)=\(X^{\varPsi _1}\). Let the composite D-sequents of \(\varPsi _0\) and \(\varPsi _1\) hold. Then the composite D-sequent of \(\varPsi \) holds too.

Proof

Assume the contrary i.e. \((\exists {X} [F],\varvec{{{\varvec{a}}}^{\varvec{\varPsi }}},W^{\varPsi })~\rightarrow X^{\varPsi }\) does not hold. Then there is a \(Z\)-boundary point \(\varvec{p}\) of \(F_{\varvec{{{\varvec{a}}}^{\varvec{\varPsi }}}}\) where \(Z \subseteq X^{\varPsi }\) that is \(W^{\varPsi }\)-removable. Let \(v\) be a variable of \(X^{\varPsi }\). Denote by \(\varvec{q_0}\) and \(\varvec{q_1}\) the points \(\varvec{q} \cup \{(v=0)\}\) and \(\varvec{q} \cup \{(v=1)\}\) respectively. Let \((\exists {X} [F],\varvec{s_0},W_0)~\rightarrow \{v\}\), \((\exists {X} [F],\varvec{s_1},W_1)~\rightarrow \{v\}\), \((\exists {X} [F],\varvec{s},W)~\rightarrow \{v\}\) be the D-sequents derived in subspaces \(\varvec{q_0}\), \(\varvec{q_1}\) and \(\varvec{q}\) respectively. We can have two situations here. First, all three D-sequents are equal to each other because the D-sequent of subspace \(\varvec{q_0}\) is symmetric in \(v\). In this case, \(W\)=\(W_0\)=\(W_1\). Second, the D-sequent of subspace \(\varvec{q}\) is obtained by joining the D-sequents of subspaces \(\varvec{q_0}\) and \(\varvec{q_1}\) at variable \(v\). In this case, \(W = W_0 \cup W_1\). In either case \(W_0 \subseteq W\) and \(W_1 \subseteq W\) hold. Hence \(W^{\varPsi _0} \subseteq W^{\varPsi }\) and \(W^{\varPsi _1} \subseteq W^{\varPsi }\).

By construction, \(\varvec{q_0} \subseteq \varvec{p}\) or \(\varvec{q_1} \subseteq \varvec{p}\). Assume for the sake of clarity that \(\varvec{q_0} \subseteq \varvec{p}\) holds. Then point \(\varvec{p}\) is a \(Z\)-boundary point of \(F_{\varvec{{{\varvec{a}}}^{\varvec{\varPsi _0}}}}\) where \(Z \subseteq X^{\varPsi _0}\) that is \(W^{\varPsi _0}\)-removable. Hence, the composite D-sequent \((\exists {X} [F],\varvec{{{\varvec{a}}}^{\varvec{\varPsi _0}}},W^{\varPsi _0})~\rightarrow X^{\varPsi _0}\) does not hold. So we have a contradiction.  \(\square \)

Lemma 4

Let D-sequent \((\exists {X} [F],\varvec{q},W)~\rightarrow Z\) hold. Let \(V\) be a subset of \(Z\). Then D-sequent \((\exists {X} [F],\varvec{q},W)~\rightarrow V\) holds too.

Proof

Assume that \((\exists {X} [F],\varvec{q},W)~\rightarrow V\) does not hold. Then there is a \(V'\)-boundary point \(\varvec{p}\) where \(V' \subseteq V\) that is \(W\)-removable in \(F_{\varvec{q}}\). Since \(V' \subseteq Z\) this means that \(Z\) is not redundant in \(\exists {X} [F_{\varvec{q}}]\) with scope \(W\). So we have a contradiction. \(\square \)

Lemma 5

Let \(\varOmega \) be a compatible set of D-sequents for an \(\exists \mathrm {CNF}\) formula \(\exists {X} [F]\). Let \(\varvec{q}\) be an assignment to variables of \( Vars (F)\) such that \({{\varvec{a}}}^{\varvec{\varOmega }}\subseteq \varvec{q}\) where \({{\varvec{a}}}^{\varvec{\varOmega }}\)is the axis of \(\varOmega \). Let \(v \in X \setminus ( Vars (\varvec{q})~\cup ~X^{\varOmega })\) be a blocked variable of \(F_{\varvec{q}}\). Let \(\varvec{s}\) be an assignment defined as follows. For every pair of clauses \(A,B\) of \(F\) that can be resolved on variable \(v\), \(\varvec{s}\) contains either

  1. an assignment satisfying \(A\) or \(B\) or

  2. all the assignments of \(\varvec{r}\) such that

    • a D-sequent \((\exists {X} [F],\varvec{r},W')~\rightarrow \) \(\{v'\}\) is in \(\varOmega \)  and

    • \(A\) or \(B\) contains variable \(v'\)

Denote by \(\varPsi \) the subset of \(\varOmega \) comprising all D-sequents \((\exists {X} [F],\varvec{r})\!\!\rightarrow \!\!\{w\}\) that were used in the second condition above. Let the composite D-sequent \((\exists {X} [F],\varvec{{{\varvec{a}}}^{\varvec{\varPsi }}},W^{\varPsi })~\rightarrow X^{\varPsi }\) hold. Then a D-sequent \((\exists {X} [F],\varvec{\varvec{s}},W^{\varPsi } \cup \{v\})~\rightarrow \) \(\{v\}\) holds.

Proof

Notice that variable \(v\) is blocked in formula \(F_{\varvec{s}} \setminus (F_{\varvec{s}})^{X^{\varPsi }}\). Then Proposition 5 entails that \(v\) is redundant in \(F_{\varvec{s}} \setminus (F_{\varvec{s}})^{X^{\varPsi }}\). Since, by construction, \({{\varvec{a}}}^{\varvec{\varPsi }} \subseteq \varvec{s}\), then Lemma 2 implies that D-sequent \((\exists {X} [F],\varvec{\varvec{s}},W^{\varPsi })~\rightarrow X^{\varPsi }\) holds. Then from Proposition 4 it follows that the D-sequent \((\exists {X} [F],\varvec{\varvec{s}},W^{\varPsi } \cup \{v\})~\rightarrow X^{\varPsi } \cup \{v\}\) holds. Then Lemma 4 entails that the D-sequent \((\exists {X} [F],\varvec{\varvec{s}},W^{\varPsi } \cup \{v\})~\rightarrow \) \(\{v\}\) holds \(\square \)

Lemma 6

Let \(\exists {X} [F]\) be an \(\exists \mathrm {CNF}\). Let \(C\) be a clause of \(F\) falsified by an assignment \(\varvec{q}\). Let \(v\) be a variable of \(X \setminus Vars (\varvec{q})\). Then D-sequent \((\exists {X} [F],\varvec{\varvec{s}},\{v\})~\rightarrow \) \(\{v\}\) holds where \(\varvec{s}\) is the shortest assignment falsifying \(C\).

Proof

The proof is similar to that of Proposition 6.
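The following brute-force check is an added example, not code from the paper: it builds the assignment \(\varvec{s}\) of Lemma 5 for the case where \(\varOmega \) is empty (so only item 1 applies) and the assignment of Lemma 6, on a small constructed formula. All function names and the sample formula are assumptions, the scope \(W\) is not modelled, and redundancy of \(v\) is tested through the equivalence \(\exists {X} [F_{\varvec{s}}] \equiv \exists {X} [F_{\varvec{s}} \setminus (F_{\varvec{s}})^{\{v\}}]\) rather than through boundary points.

```python
from itertools import combinations, product

# Clauses are frozensets of non-zero ints (3 means x3, -3 its negation);
# assignments are dicts {variable: bool}. All names here are illustrative.

def restrict(cnf, assign):
    """F_q: drop clauses satisfied by assign, delete falsified literals."""
    out = []
    for c in cnf:
        if any(abs(l) in assign and assign[abs(l)] == (l > 0) for l in c):
            continue
        out.append(frozenset(l for l in c if abs(l) not in assign))
    return out

def resolvable_on(a, b, v):
    """a and b have opposite literals of exactly one variable, namely v."""
    return {abs(l) for l in a if -l in b} == {v}

def is_blocked(cnf, v):
    return not any(resolvable_on(a, b, v) for a, b in combinations(cnf, 2))

def lemma5_assignment(cnf, q, v):
    """Subset s of q satisfying one clause of every pair resolvable on v
    (item 1 of Lemma 5; with an empty Omega, item 2 never applies)."""
    s = {}
    for a, b in combinations(cnf, 2):
        if not resolvable_on(a, b, v) or len(restrict([a, b], s)) < 2:
            continue  # not a resolvable pair, or s already satisfies a or b
        hit = [l for l in sorted(a | b) if q.get(abs(l)) == (l > 0)]
        if not hit:
            raise ValueError("v is not blocked in F_q")
        s[abs(hit[0])] = hit[0] > 0
    return s

def lemma6_assignment(clause):
    """Shortest assignment falsifying a clause (Lemma 6)."""
    return {abs(l): l < 0 for l in clause}

def exists_x(cnf, xs, y):
    """Value of 'exists xs . cnf' under the assignment y to all other variables."""
    xs = sorted(xs)
    return any(restrict(cnf, {**y, **dict(zip(xs, bits))}) == []
               for bits in product([False, True], repeat=len(xs)))

def v_redundant(cnf, X, s, v):
    """Does dropping the {v}-clauses of F_s preserve 'exists X . F_s'?"""
    fs = restrict(cnf, s)
    rest = [c for c in fs if v not in c and -v not in c]
    free = {abs(l) for c in cnf for l in c} - set(s)
    xs, ys = free & set(X), sorted(free - set(X))
    def same(bits):
        y = dict(zip(ys, bits))
        return exists_x(fs, xs, y) == exists_x(rest, xs, y)
    return all(same(bits) for bits in product([False, True], repeat=len(ys)))

# Constructed sample: X = {x1, x2}, free variables y3, y4.
X = {1, 2}
F = [frozenset(c) for c in ({1, 3}, {-1, 4}, {-1, -3}, {2, -4})]
q = {3: True, 4: False}            # current assignment; x1 is blocked in F_q
s = lemma5_assignment(F, q, 1)     # only the part of q that blocks x1

print("x1 blocked in F:", is_blocked(F, 1))
print("x1 blocked in F_q:", is_blocked(restrict(F, q), 1))
print("s =", s, "redundant under s:", v_redundant(F, X, s, 1))
print("redundant under empty assignment:", v_redundant(F, X, {}, 1))
```

The assignment \(\varvec{s}\) found here is a proper subset of \(\varvec{q}\), which is what makes the recorded D-sequent reusable in other subspaces.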

Lemma 7

Any subset of active D-sequents derived by \( DDS ~\)is composable.

Proof

Let us first give an informal argument. As we mentioned in Sect. 5.3, D-sequents \((\exists {X} [F],\varvec{q'},W')~\rightarrow \) \(\{v'\}\) and \((\exists {X} [F],\varvec{q''},W')~\rightarrow \) \(\{v''\}\) may be uncomposable if proving redundancy of both \(v'\) and \(v''\) involves circular reasoning where \(\{v'\}\)-clauses are used to prove redundancy of variable \(v''\) and vice versa. \( DDS ~\)avoids circular reasoning by keeping the \(\{v\}\)-clauses removed from \(\exists {X} [F]\) as long as a D-sequent for variable \(v\) remains active. Thus, if, for instance, \(\{v'\}\)-clauses are used to prove redundancy of variable \(v''\), the \(\{v''\}\)-clauses are removed from \(F\) and cannot be used to prove redundancy of variable \(v'\). In other words, for every path of the search tree, variables \(v'\) and \(v''\) are proved redundant in a particular order (but this order may be different for different paths).

Let \(\varPsi \) be a set of active D-sequents. To show composability of D-sequents from \(\varPsi \) one needs to consider the following three cases.

  1. All D-sequents of \(\varPsi \) are atomic. Assume for the sake of simplicity that \(\varPsi = \{S',S''\}\) where \(S'\) and \(S''\) are equal to \((\exists {X} [F],\varvec{q'},W')~\rightarrow \) \(\{v'\}\) and \((\exists {X} [F],\varvec{q''},W')~\rightarrow \) \(\{v''\}\) respectively. One can have two different cases here.

    • \(S'\) and \(S''\) are independent of each other. That is there is no clause \(C\) of \(F\) that has variables \(v'\) and \(v''\) and is not blocked at \(v'\) or \(v''\). In this case, one can easily show that the D-sequent \((\exists {X} [F],\varvec{q' \cup q''},W' \cup W'')~\rightarrow \) \(\{v',v''\}\) holds.

    • \(S'\) and \(S''\) are interdependent. This can happen only if \(S'\) and \(S''\) are D-sequents derived when \(v'\) and \(v''\) are blocked. Atomic D-sequents derived due to the presence of a clause falsified by \(\varvec{q}\) (see Lemma 6) are independent of each other or D-sequents of blocked variables. Suppose the fact that \(v'\) is blocked is used to prove that \(v''\) is blocked as well. Then Lemma 5 entails that \(\varvec{q'} \subseteq \varvec{q''}\) and \(W' \subseteq W''\) and that D-sequent \((\exists {X} [F],\varvec{q''},W'')~\rightarrow Z\) holds where \(\{v',v''\} \subseteq Z\). Then the composability of \(S'\) and \(S''\) simply follows from Lemma 4.

  2. The set \(\varPsi \) is obtained from set \(\varPsi _0\) and \(\varPsi _1\) when merging branches \(v=0\) and \(v=1\). Then Lemma 3 entails that if \(\varPsi _0\) and \(\varPsi _1\) are composable, then \(\varPsi \) is composable as well.

  3. \(\varPsi \) is a mix of atomic and non-atomic D-sequents. Assume for the sake of simplicity that \(\varPsi = \{S',S''\}\) where \(S'\) and \(S''\) are equal to \((\exists {X} [F],\varvec{q'},W')~\rightarrow \) \(\{v'\}\) and \((\exists {X} [F],\varvec{q''},W')~\rightarrow \) \(\{v''\}\) respectively. Assume that \(S'\) is a result of join operations while \(S''\) is atomic. Let \(S'_1,\ldots ,S'_k\) be the set of atomic D-sequents that are ancestors of \(S'\). Here \(S'_i = (\exists {X} [F],\varvec{q'_i},W'_i)~\rightarrow \{v'\}\). Let \(S''_1,\ldots ,S''_k\) be the set of D-sequents obtained from \(S''\) where \(S''_i = (\exists {X} [F],\varvec{q'_i \cup q''},W'')~\rightarrow \{v''\}\). Due to Lemma 2, each D-sequent \(S''_i\) holds. Since \(S'_i,S''_i\) are atomic this case is covered by item 1 above and so they are composable. Then the D-sequents obtained by composition of \(S'_i,S''_i\) can be joined producing correct D-sequents (due to correctness of operation join). Eventually, a correct D-sequent that is the composite of \(S'\) and \(S''\) will be derived \(\square \)

Proposition 11

\( DDS ~\)is sound and complete.

Proof

First, we show that \( DDS ~\)is complete. \( DDS ~\)builds a binary search tree and visits every node of this tree at most three times (when starting the left branch, when backtracking to start the right branch, when backtracking after the right branch is finished). So \( DDS ~\)is complete.

Now we prove that \( DDS ~\)is sound. \( DDS ~\)terminates in two cases. First, it terminates when an empty clause is derived, which means that \(F\) is unsatisfiable. In this case, the formula \(G\) returned by \( DDS ~\)consists only of an empty clause. This result is correct because this clause is built by resolving clauses of \(F\) and resolution is sound. Second, \( DDS ~\)terminates after building a sequence of D-sequents \((\exists {X} [F],\emptyset ,X_{i_1}) \rightarrow \{x_{i_1}\}\), \(\ldots \) ,\((\exists {X} [F],\emptyset ,X_{i_k}) \rightarrow \{x_{i_k}\}\). Here \(x_{i_1},...,x_{i_k}\) are the variables forming \(X\) and \(\{x_{i_m}\} \subseteq X_{i_m} \subseteq X\), \(m=1,\ldots ,k\). We need to show that these D-sequents are correct and composable. The latter means that the D-sequent \((\exists {X} [F],\emptyset ,X) \rightarrow X\) holds and so the variables of \(X\) are redundant in the formula \(\exists {X} [F]\) returned by \( DDS ~\).

Let us carry out the proof by induction on the number of steps of \( DDS \). The algorithm has two kinds of steps. A step of the first kind is to add a new atomic D-sequent to an existing set \(\varOmega \) of active D-sequents. A step of the second kind is to produce a new set of D-sequents \(\varOmega \) from the sets of D-sequents \(\varOmega _0\) and \(\varOmega _1\) obtained in branches \(v=0\) and \(v=1\).

Let \(\varvec{q^k}\) be the assignment made by \( DDS ~\)after steps \(1,\ldots ,k\). Let \(\varOmega ^k\) be the set of D-sequents maintained by \( DDS ~\)that are active in subspace \(\varvec{q^k}\). (We assume here that every D-sequent is discarded after it takes part in a join operation. So for one redundant variable \(\varOmega \) contains only one active D-sequent.)

The induction hypothesis is as follows. The fact that D-sequents of \(\varOmega ^k\) are individually correct and every subset of \(\varOmega ^k\) is composable implies that the D-sequents of \(\varOmega ^{k+1}\) are correct and every subset of \(\varOmega ^{k+1}\) is composable.

The base step, \(k\)=1. We need to consider the following two situations.

  • The first atomic D-sequent \(S\) is derived. In this case, its correctness follows from Lemmas 5, 6. Since \(\varOmega ^1\) consists only of one D-sequent, every subset of \(\varOmega ^1\) is obviously composable.

  • The first step consists of merging empty sets of D-sequents \(\varOmega ^1_0\) and \(\varOmega ^1_1\) derived in branches \(v=0\) and \(v=1\). In this case, \(\varOmega \) is empty. So the claims that every D-sequent of \(\varOmega \) is correct and all subsets are composable are vacuously true.

The induction step. We need to consider the following two situations.

  • The set \(\varOmega ^{k+1}\) is produced by adding an atomic D-sequent \(S\) to \(\varOmega ^k\). The correctness of \(S\) follows from Lemmas 5, 6. Notice that to apply Lemma 5 we need to use the induction hypothesis. The fact that every subset of D-sequents of \(\varOmega ^k \cup \{S\}\) is composable can be proved using the reasoning of Lemma 7. (Notice that we cannot directly apply Lemma 7 because this lemma itself needs to be proved by induction. In the sketch of a proof of Lemma 7, we just gave reasoning one can use to perform such a proof.)

  • The set \(\varOmega ^{k+1}\) is produced by merging sets of D-sequents \(\varOmega ^k_0\) and \(\varOmega ^k_1\) derived in branches \(v=0\) and \(v=1\). The correctness of individual D-sequents of \(\varOmega ^{k+1}\) follows from the induction hypothesis and the correctness of operation join (Proposition 9). Lemma 3 and the induction hypothesis entail that every subset of D-sequents of \(\varOmega ^{k+1}\) is composable. \(\square \)

Proposition of Sect. 8: compositionality of \( DDS ~\)

Definition 24

We will refer to D-sequents derived due to appearance of an empty clause in formula \(F_{\varvec{q}}\) (see Sect. 7.2) as clause D-sequents.

Proposition 12 (compositionality of DDS)

Let \(T\) be the search tree built by \( DDS ~\)when solving the QE problem \(\exists {X}[F_1 \wedge \ldots \wedge F_k]\), \( Vars (F_i) \cap Vars (F_j)= \emptyset \), \(i \ne j\). Let \(X_i = X \cap Vars (F_i)\) and \(Y_i = Vars (F_i) \setminus X\). The number of nodes in \(T\) is bounded by \(| Vars (F)|\cdot (\eta (X_1 \cup Y_1) + \ldots + \eta (X_k \cup Y_k))\) where \(\eta (X_i \cup Y_i) = 2 \cdot 3^{|X_i \cup Y_i|} \cdot (|X_i| + 1), i=1,\ldots ,k\) no matter how decision branching variables are chosen.

Proof

Denote by \(Y\) the set of variables \( Vars (F) \setminus X\).

Let \(P\) be a path of \(T\) and \(n(v)\) be a node of \(T\) on \(P\). Here \(v\) is the branching variable selected in the node \(n\) by \( DDS ~\). We will call \(n(v)\) a BCP node, if the variable \(v\) was selected due to its presence in a unit clause of \(F_{\varvec{q}}\). We will call \(P\) an essential path, if for every BCP node \(n(v)\) lying on \(P\) (if any) the latter corresponds to the right branch of \(n\). That is variable \(v\) is currently assigned the value satisfying the unit clause \(C\) of \(F_{\varvec{q}}\) due to which \(v\) was picked. Recall that the first value assigned to \(v\) by \( DDS ~\)falsifies \(C\).

Let \(d\) denote the total number of nodes of essential paths. Notice that the number of all nodes of \(T\) is bounded by \(2\cdot d\). The reason is that a non-essential path contains a BCP node \(n(v)\) where \(v\) is assigned the value falsifying the unit clause due to which \(v\) was selected. So the last node of this path is the left child of node \(n(v)\). Thus the number of nodes lying only on non-essential paths is bounded by the number of BCP nodes of \(T\). Since every BCP node lies on an essential path, the total number of nodes of \(T\) is bounded by \(2\cdot \!d\).

Denote by \(N_{\mathit{ess\_paths}}\) the total number of essential paths of \(T\). Denote by \(N_{\mathit{res\_cl}}\) the total number of resolvent clauses generated by \( DDS \). Denote by \(N_{\mathit{D\_seqs}}\) the total number of D-sequents generated by \( DDS \) with the exception of clause D-sequents.

We do the rest of the proof in two steps. First we show that \(N_{\mathit{ess\_paths}} \le N_{\mathit{res\_cl}} + N_{\mathit{D\_seqs}}\). Since a path of \(T\) cannot contain more than \(|X \cup Y|\) nodes, this means that the total number of nodes of \(T\) is bounded by \(2\cdot |X \cup Y| \cdot (N_{\mathit{res\_cl}} + N_{\mathit{D\_seqs}})\). In the second step, we show that \(2 \cdot (N_{\mathit{res\_cl}} + N_{\mathit{D\_seqs}}) \le \eta (X_1 \cup Y_1) + \ldots + \eta (X_k \cup Y_k)\) where \(\eta (X_i \cup Y_i) = 2\cdot 3^{|X_i \cup Y_i|} \cdot (|X_i| + 1), i=1,\ldots ,k\).

FIRST STEP: To prove that \(N_{\mathit{ess\_paths}} \le N_{\mathit{res\_cl}} + N_{\mathit{D\_seqs}}\) we show that every essential path of \(T\) corresponds to a new resolvent clause or a new D-sequent generated by \( DDS \) that is not a clause D-sequent. Let \(P\) be an essential path of \(T\). Let \(v \in X \cup Y\) be the first variable of \(P\) picked by \( DDS \) for branching. The very fact that \(v\) was selected means that some of the variables of \(X\) were not proved redundant in \(\exists {X} [F]\) yet. Let us assume the contrary, that is \( DDS \) is able to finish \(P\) without generating a new clause or a new D-sequent that is not a clause D-sequent. This is only possible if \( DDS \) can assign all free non-redundant variables of \(X\) without running into a conflict (in which case a new clause is generated) or producing a new blocked variable (in which case a new non-clause D-sequent is generated).

Let \(x \in X\) be the last variable assigned by \( DDS ~\)on path \(P\). That is every variable of \(X \setminus \{x\}\) is either assigned or proved redundant before making an assignment to \(x\). Let \(\varvec{q}\) be the set of assignments on path \(P\) made by \( DDS ~\) before reaching the node \(n(x)\), and \(X'\) be the set of all redundant variables of \(X\) in \(F_{\varvec{q}}\). Since variables of \(Y\) are assigned before those of \(X\), the current formula, i.e., formula \(F_{\varvec{q}} \setminus F^{X'}_{\varvec{q}}\) can only contain unit clauses that depend on variable \(x\). The two possibilities for the unit clauses depending on \(x\) are as follows.

  • \(F_{\varvec{q}} \setminus F^{X'}_{\varvec{q}}\) contains both clauses \(x\) and \(\overline{x}\). Then, \( DDS \) generates a new clause and we have a contradiction.

  • \(F_{\varvec{q}} \setminus F^{X'}_{\varvec{q}}\) does not contain either \(x\) or \(\overline{x}\) or both. Then \(x\) is blocked and \( DDS \) generates a new non-clause D-sequent. Thus we have a contradiction again.

SECOND STEP: Notice that no clause produced by resolution can share variables of two different subformulas \(F_i\) and \(F_j\). This means that for every clause \(C\) produced by \( DDS ~\), \( Vars (C) \subseteq (X_i \cup Y_i)\) for some \(i\). The total number of clauses depending on variables of \(X_i \cup Y_i\) is \(3^{|X_i \cup Y_i|}\). So \(N_{\mathit{res\_cl}} \le 3^{|X_1 \cup Y_1|} + \ldots + 3^{|X_k \cup Y_k|}\).

Now we show that \(N_{\mathit{D\_seqs}} \le |X_1|\cdot 3^{|X_1 \cup Y_1|} + \ldots + |X_k|\cdot 3^{|X_k \cup Y_k|}\) and hence \(2\cdot (N_{\mathit{res\_cl}} + N_{\mathit{D\_seqs}}) \le \eta (X_1 \cup Y_1) + \ldots + \eta (X_k \cup Y_k)\). The idea is to prove that every non-clause D-sequent generated by \( DDS \) is limited to \(\varvec{F_i}\), i.e., has the form \((\exists {X} [F],\varvec{s},W)~\rightarrow \) \(\{x\}\) where \( Vars (\varvec{s}) \subseteq X_i \cup Y_i\), \(W \subseteq X_i\) and \(x \in X_i\). Recall that due to Proposition 7, D-sequent \((\exists {X} [F],\varvec{s},W)~\rightarrow \) \(\{x\}\) is invariant to adding resolvent clauses to \(F\). For that reason, we will ignore the parameter \(\exists {X} [F]\) when counting the number of D-sequents limited to \(F_i\). Besides, due to Proposition 8, one can always increase the scope of a D-sequent. For that reason, when counting D-sequents, we will also ignore the parameter \(W\). Then the total number of D-sequents limited to \(F_i\) is equal to \(|X_i| \cdot 3^{|X_i \cup Y_i|}\). So the total number of D-sequents limited to \(F_i\), \(i=1,\ldots ,k\) is bounded by \(|X_1|\cdot 3^{|X_1 \cup Y_1|} + \ldots + |X_k|\cdot 3^{|X_k \cup Y_k|}\). The factor \(|X_i|\) is the number of variables appearing on the right side of a D-sequent limited to \(F_i\). The factor \(3^{|X_i \cup Y_i|}\) specifies the total number of all possible assignments \(\varvec{s}\).

Now we prove that every non-clause D-sequent derived by \( DDS ~\)is limited to a formula \(F_i\). We carry out this proof by induction. Our base statement is that D-sequents of an empty set are limited to \(F_i\). It is vacuously true. Assume that the non-clause D-sequents generated so far are limited to \(F_i\) and then show that this holds for the next non-clause D-sequent \(S\). Let \(S\) be a D-sequent \((\exists {X} [F],\varvec{s},W)~\rightarrow \) \(\{x\}\) generated for a blocked variable \(x \in X_i\). Such a D-sequent is built as described in Lemma 5. Then \(\varvec{s}\) consists of assignments that either satisfy \(\{x\}\)-clauses of \(F\) or are the reason for redundancy of \(\{x\}\)-clauses. Since clauses of different subformulas cannot be resolved with each other, every \(\{x\}\)-clause of \(F\) can only have variables of \(F_i\) where \(x \in Vars (F_i)\). By the induction hypothesis every non-clause D-sequent is limited to some subformula. On the other hand, \( DDS ~\)looks for blocked variables when \(F_{\varvec{q}}\) has no empty clause. So, at the time \(S\) is derived, no variable of \(F_{\varvec{q}}\) can be redundant due to a clause D-sequent. This means that if a variable \(x^*\) of an \(\{x\}\)-clause of \(F\) is redundant due to D-sequent \((\exists {X} [F],\varvec{s^*},W^*)~\rightarrow \) \(\{x^*\}\) then \( Vars (\varvec{s^*}) \subseteq Vars (F_i)\). So \( Vars (\varvec{s}) \subseteq Vars (F_i)\).

Now consider the case when \(S\) is obtained by joining two D-sequents \(S'\), \(S''\). Let us consider the following three possibilities:

  • Neither \(S'\) nor \(S''\) is a clause D-sequent. Then according to the induction hypothesis they should be limited to \(F_i\). (They cannot be limited to different subformulas because then they cannot be joined due to absence of a common variable.) Then due to Definition 15, the D-sequent produced by joining \(S'\) and \(S''\) is also limited to \(F_i\).

  • Either \(S'\) or \(S''\) is a clause D-sequent. Let us assume for the sake of clarity that this is the D-sequent \(S'\). This means that \(S'\) has the form \((\exists {X} [F],\varvec{s},\{x\})~\rightarrow \) \(\{x\}\) where \(\varvec{s}\) is the minimum set of assignments falsifying a clause \(C\) of \(F\) and \(x \in X \setminus Vars (\varvec{s})\). Since for any resolvent \(C\) of \(F\), \( Vars (C) \subseteq Vars (F_i)\), then \( Vars (\varvec{s}) \subseteq Vars (F_i)\). By the induction hypothesis, \(S''\) is limited to \(F_j\). Since \(S'\) and \(S''\) have at least one common variable (at which they are joined), \(j\) has to be equal to \(i\). So \(x \in X_i\). Then joining \(S'\) with \(S''\) produces a D-sequent that is also limited to \(F_i\).

  • Both \(S'\) and \(S''\) are clause D-sequents. We do not care about this situation because by joining \(S'\) and \(S''\) one obtains a clause D-sequent \(\square \)


Goldberg, E., Manolios, P. Quantifier elimination by dependency sequents. Form Methods Syst Des 45, 111–143 (2014). https://doi.org/10.1007/s10703-014-0214-z
